It's very common for storage folders in frameworks like laravel to require write permissions to these folders. These folders are also out of scope for the web user (/app/public
is generally the webroot), so user's don't just get to write to them as if they were public.
Most likely if you were to configure this in a production environment, you'd change the owner of the folder to that of the web server, and then make sure the owner has write permissions based on it's username and group.
chown www-data:www-data app/storage
or something.
But it has to be writable, and shouldn't be a major concern.